We hate to throw shade on World Password Day but passwords are archaic!
You must introduce a second factor for authentication. This added layer of complexity to the authentication process provides immense value in terms of addressing the risk. MFA is the biggest bang for your security buck. MFA should be turned on for everything.
The biggest risk to any organization is passwords, especially default passwords and passwords to privileged accounts – elevated access to perform special functions. These can be administrator accounts, service accounts, database connection accounts, application accounts, and others. Most of these accounts were set up years ago when an application or system was initially deployed. They have multiple integration points and because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, likely shared, and often improperly stored.
Privileged account abuse is the most common way for hackers to compromise a system. But it starts with authentication. Proper credential storage and visibility of authentication activity are paramount for risk mitigation. Manual methods are resource-intensive, error-prone, and leave gaps.
MFA is already on your HPE NonStop server. XYGATE User Authentication (XUA) is ready with no additional software or infrastructure needed and delivers industry-standard, multi-factor authentication which integrates your NonStop environment with enterprise authentication providers such as Microsoft Active Directory, RSA SecurID, Google Authenticator, and many others.
XYGATE for CyberArk integrates your HPE NonStop servers with your CyberArk Password Vault and Privileged Session Manager, closing the security gap by providing privileged account management, session visibility, and hardening in the privileged access management process using NonStop emulators, such as OutsideView.
Most NonStop environments also have SailPoint IdentityIQ in their IT ecosystem. Adding the integration with SailPoint IdentityIQ enables user governance, provisioning, automation, and reconciliation of HPE NonStop user accounts directly from SailPoint.
Attackers exploit the weakest link and walk right through the front door. If we continue to make it easy, these types of attacks will only continue.